SNMP (Simple Network Management Protocol) was developed to provide a tool for multivendor, interoperable network management. SNMP provides a set of standards for network management, including a protocol, a database structure specification, and a set of data objects. SNMP was adopted as the standard for TCP/IP-based intemets in 1989.
An explanation of SNMP technology is beyond the scope of this document and the reader is assumed to be either conversant with SNMP or to have access to conventional textbooks on the subject, such as William Stallings, "SNMP, SNMPv2 and RMON," Addison Wesley (1996), which is hereby incorporated by reference in its entirety as background information.
Many networks use a network manager and some form of Simple Network Management Protocol (SNMP) for managing the network. Among its management tasks, the network manager automatically monitors the status of the devices on the network. The network manager sends event requests to the devices, which are requested to return responses when certain events occur. For example, a disk agent might be requested to send a response if available disk space falls below 50%.
An SNMP-manageable device stores in its memory a Management Information Base (MIB), a collection of objects or variables representing different aspects of the device (e.g., configuration, statistics, status, control). For each class of device, the MIB has a core of standard variables. Each vendor of a device will add to the core, variables that it feels are important to the management of its device.
The MIBs for the manageable devices in a network not only store management information that can be retrieved, but also contain variables whose values, when modified by a network manager, modify the operation of the device. Simple examples are disabling a device's operation, changing the priorities assigned to different tasks performed by a device, and changing the set of messages generated by the device and the set of destinations to which those messages are sent.
Clearly, it is important to prevent unauthorized persons from accessing the management information objects in a network. Otherwise, not only will confidential information be obtained by unauthorized persons, but also the network would be open to acts of sabotage. The present invention addresses the subject of access control for network management information objects.
ITU-T X.741 (1995) is an industry standard, published by the Telecommunication standardization sector of the International Telecommunication Union, previously known as the CCITT, entitled Data Networks and Open System Communications, OSI Management. The X.741 standard specifies an access control security model and the management information necessary for creating and administering access control associated with OSI (open systems interconnection) system management.
There are a number of related ITU-T standards that relate to OSI systems management that are relevant to the present invention, particularly X.740 (1992) (security audit trail function) and X.812 (1995) (data networks and open systems communications security). All three of these ITU-T standards, X.741(1995), X.740(1992) and X.812(1995) are hereby incorporated by reference as background information.
While the X.741, X.740 and X.812 standard define a fairly comprehensive access control framework for controlling access to network management objects, there remain numerous access control and management issues that are not addressed or resolved by these standards.
In particular, while X.741 and the related standards define access control for limiting access to management objects, these standards do not address or specify any mechanism for limiting access to event reports. Event reports (usually called event notifications), such as the reports generated when an object is created, deleted, or a management parameter passes a specified threshold, in many systems are broadcast to all listeners. This is clearly unacceptable if the network is, for instance, the telephone switching network owned by a large telecommunications company, and the event reports concern resources being installed or utilized for a particular customer. That is, customer A should not be allowed to receive event reports about network resources being used on behalf of customer B.
In fact, the presumption in X.741 and the related standards is that event report security should be implemented using a mechanism that is separate from the access control mechanism used for restricting access to management objects. After all, access control to management objects filters inbound messages requesting access to objects, while event reports are outbound messages.
However, it has been observed by the inventors of the present invention that in many cases, the objects that a person is to be prohibited from accessing are also the objects from which that person should not be receiving event reports. For instance, using the above example, employees of customer A should neither access nor receive event reports for any of the objects that have been allocated to customer B.
Therefore it is a goal of the present invention is to provide an integrated security system for restricting access to management objects and event reports.